Heartland Payment Suffers Data Breach

Last year Bob Carr, CEO of Heartland Payment Systems, published a book called “Through the Fires” about how the Nassau Street-based credit card company dealt with a devastating data security breach in 2008. Now, it looks like the company is headed into the fires again, although the size of this particular fire is unknown.

On May 8, in a letter to customers and the California Attorney General, Heartland said there was a break-in at its Santa Ana, California office and thieves had made off with password-protected computers containing customers’ personal information.

“We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur,” the letter said. Nevertheless, the company is offering customers free identity theft protection from the Kroll company for one year.

The company did not say how many customers’ information was on the stolen computers.

In the 2008 data breach, one of the largest in history, hackers used an SQL injection on Heartland’s website to access the company’s corporate network. They accessed 100 million credit and debit cards issued by more than 650 financial services companies. The breach cost Heartland $32 million.